Browse Source

FIT: Rename FIT_DISABLE_SHA256 to FIT_ENABLE_SHA256_SUPPORT

We rename CONFIG_FIT_DISABLE_SHA256 to CONFIG_FIT_ENABLE_SHA256_SUPPORT which
is enabled by default and now a positive option.  Convert the handful of boards
that were disabling it before to save space.

Cc: Dirk Eibach <eibach@gdsys.de>
Cc: Lukasz Dalek <luk0104@gmail.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
tags/2020-06-01
Tom Rini 4 years ago
parent
commit
0db7f6859f
16 changed files with 25 additions and 36 deletions
  1. +13
    -0
      Kconfig
  2. +0
    -9
      README
  3. +1
    -0
      configs/dlvision-10g_defconfig
  4. +1
    -0
      configs/dlvision_defconfig
  5. +1
    -0
      configs/h2200_defconfig
  6. +1
    -0
      configs/io_defconfig
  7. +1
    -0
      configs/iocon_defconfig
  8. +1
    -0
      configs/neo_defconfig
  9. +0
    -3
      include/configs/dlvision-10g.h
  10. +0
    -3
      include/configs/dlvision.h
  11. +0
    -1
      include/configs/h2200.h
  12. +0
    -3
      include/configs/io.h
  13. +0
    -3
      include/configs/iocon.h
  14. +0
    -3
      include/configs/neo.h
  15. +6
    -10
      include/image.h
  16. +0
    -1
      scripts/config_whitelist.txt

+ 13
- 0
Kconfig View File

@@ -157,6 +157,19 @@ config FIT

if FIT

config FIT_ENABLE_SHA256_SUPPORT
bool "Support SHA256 checksum of FIT image contents"
default y
help
Enable this to support SHA256 checksum of FIT image contents. A
SHA256 checksum is a 256-bit (32-byte) hash value used to check that
the image contents have not been corrupted. SHA256 is recommended
for use in secure applications since (as at 2016) there is no known
feasible attack that could produce a 'collision' with differing
input data. Use this for the highest security. Note that only the
SHA256 variant is supported: SHA512 and others are not currently
supported in U-Boot.

config FIT_SIGNATURE
bool "Enable signature verification of FIT uImages"
depends on DM


+ 0
- 9
README View File

@@ -2973,15 +2973,6 @@ FIT uImage format:
This define is introduced, as the legacy image format is
enabled per default for backward compatibility.

- FIT image support:
CONFIG_FIT_DISABLE_SHA256
Supporting SHA256 hashes has quite an impact on binary size.
For constrained systems sha256 hash support can be disabled
with this option.

TODO(sjg@chromium.org): Adjust this option to be positive,
and move it to Kconfig

- Standalone program support:
CONFIG_STANDALONE_LOAD_ADDR



+ 1
- 0
configs/dlvision-10g_defconfig View File

@@ -3,6 +3,7 @@ CONFIG_IDENT_STRING=" dlvision-10g 0.06"
CONFIG_4xx=y
CONFIG_TARGET_DLVISION_10G=y
CONFIG_FIT=y
# CONFIG_FIT_ENABLE_SHA256_SUPPORT is not set
CONFIG_FIT_VERBOSE=y
CONFIG_OF_BOARD_SETUP=y
CONFIG_BOOTDELAY=5


+ 1
- 0
configs/dlvision_defconfig View File

@@ -3,6 +3,7 @@ CONFIG_IDENT_STRING=" dlvision 0.02"
CONFIG_4xx=y
CONFIG_TARGET_DLVISION=y
CONFIG_FIT=y
# CONFIG_FIT_ENABLE_SHA256_SUPPORT is not set
CONFIG_FIT_VERBOSE=y
CONFIG_OF_BOARD_SETUP=y
CONFIG_BOOTDELAY=5


+ 1
- 0
configs/h2200_defconfig View File

@@ -1,6 +1,7 @@
CONFIG_ARM=y
CONFIG_TARGET_H2200=y
CONFIG_FIT=y
# CONFIG_FIT_ENABLE_SHA256_SUPPORT is not set
CONFIG_SYS_CONSOLE_IS_IN_ENV=y
# CONFIG_DISPLAY_CPUINFO is not set
# CONFIG_DISPLAY_BOARDINFO is not set


+ 1
- 0
configs/io_defconfig View File

@@ -3,6 +3,7 @@ CONFIG_IDENT_STRING=" io 0.06"
CONFIG_4xx=y
CONFIG_TARGET_IO=y
CONFIG_FIT=y
# CONFIG_FIT_ENABLE_SHA256_SUPPORT is not set
CONFIG_FIT_VERBOSE=y
CONFIG_OF_BOARD_SETUP=y
CONFIG_BOOTDELAY=5


+ 1
- 0
configs/iocon_defconfig View File

@@ -3,6 +3,7 @@ CONFIG_IDENT_STRING=" iocon 0.06"
CONFIG_4xx=y
CONFIG_TARGET_IOCON=y
CONFIG_FIT=y
# CONFIG_FIT_ENABLE_SHA256_SUPPORT is not set
CONFIG_OF_BOARD_SETUP=y
CONFIG_BOOTDELAY=5
CONFIG_SYS_CONSOLE_INFO_QUIET=y


+ 1
- 0
configs/neo_defconfig View File

@@ -3,6 +3,7 @@ CONFIG_IDENT_STRING=" neo 0.02"
CONFIG_4xx=y
CONFIG_TARGET_NEO=y
CONFIG_FIT=y
# CONFIG_FIT_ENABLE_SHA256_SUPPORT is not set
CONFIG_FIT_VERBOSE=y
CONFIG_OF_BOARD_SETUP=y
CONFIG_BOOTDELAY=5


+ 0
- 3
include/configs/dlvision-10g.h View File

@@ -31,9 +31,6 @@
#define PLLMR0_DEFAULT PLLMR0_266_133_66
#define PLLMR1_DEFAULT PLLMR1_266_133_66

/* new uImage format support */
#define CONFIG_FIT_DISABLE_SHA256

#define CONFIG_ENV_IS_IN_FLASH /* use FLASH for environment vars */

/*


+ 0
- 3
include/configs/dlvision.h View File

@@ -29,9 +29,6 @@
#define PLLMR0_DEFAULT PLLMR0_266_133_66_33
#define PLLMR1_DEFAULT PLLMR1_266_133_66_33

/* new uImage format support */
#define CONFIG_FIT_DISABLE_SHA256

#define CONFIG_ENV_IS_IN_FLASH /* use FLASH for environment vars */

/*


+ 0
- 1
include/configs/h2200.h View File

@@ -109,7 +109,6 @@

#define CONFIG_SYS_BAUDRATE_TABLE { 9600, 38400, 115200 }

#define CONFIG_FIT_DISABLE_SHA256
#define CONFIG_SETUP_MEMORY_TAGS
#define CONFIG_CMDLINE_TAG
#define CONFIG_INITRD_TAG


+ 0
- 3
include/configs/io.h View File

@@ -31,9 +31,6 @@
#define PLLMR0_DEFAULT PLLMR0_266_133_66
#define PLLMR1_DEFAULT PLLMR1_266_133_66

/* new uImage format support */
#define CONFIG_FIT_DISABLE_SHA256

#define CONFIG_ENV_IS_IN_FLASH /* use FLASH for environment vars */

/*


+ 0
- 3
include/configs/iocon.h View File

@@ -33,9 +33,6 @@
#define PLLMR0_DEFAULT PLLMR0_266_133_66
#define PLLMR1_DEFAULT PLLMR1_266_133_66

/* new uImage format support */
#define CONFIG_FIT_DISABLE_SHA256

#define CONFIG_ENV_IS_IN_FLASH /* use FLASH for environment vars */

/*


+ 0
- 3
include/configs/neo.h View File

@@ -31,9 +31,6 @@
#define PLLMR0_DEFAULT PLLMR0_266_133_66_33
#define PLLMR1_DEFAULT PLLMR1_266_133_66_33

/* new uImage format support */
#define CONFIG_FIT_DISABLE_SHA256

#define CONFIG_ENV_IS_IN_FLASH /* use FLASH for environment vars */

/*


+ 6
- 10
include/image.h View File

@@ -29,6 +29,7 @@ struct lmb;
#define IMAGE_ENABLE_FIT 1
#define IMAGE_ENABLE_OF_LIBFDT 1
#define CONFIG_FIT_VERBOSE 1 /* enable fit_format_{error,warning}() */
#define CONFIG_FIT_ENABLE_SHA256_SUPPORT

#define IMAGE_ENABLE_IGNORE 0
#define IMAGE_INDENT_STRING ""
@@ -62,9 +63,6 @@ struct lmb;
# ifdef CONFIG_SPL_SHA1_SUPPORT
# define IMAGE_ENABLE_SHA1 1
# endif
# ifdef CONFIG_SPL_SHA256_SUPPORT
# define IMAGE_ENABLE_SHA256 1
# endif
# else
# define CONFIG_CRC32 /* FIT images need CRC32 support */
# define CONFIG_SHA1 /* and SHA1 */
@@ -72,14 +70,8 @@ struct lmb;
# define IMAGE_ENABLE_CRC32 1
# define IMAGE_ENABLE_MD5 1
# define IMAGE_ENABLE_SHA1 1
# define IMAGE_ENABLE_SHA256 1
# endif

#ifdef CONFIG_FIT_DISABLE_SHA256
#undef CONFIG_SHA256
#undef IMAGE_ENABLE_SHA256
#endif

#ifndef IMAGE_ENABLE_CRC32
#define IMAGE_ENABLE_CRC32 0
#endif
@@ -92,7 +84,11 @@ struct lmb;
#define IMAGE_ENABLE_SHA1 0
#endif

#ifndef IMAGE_ENABLE_SHA256
#if defined(CONFIG_FIT_ENABLE_SHA256_SUPPORT) || \
defined(CONFIG_SPL_SHA256_SUPPORT)
#define CONFIG_SHA256
#define IMAGE_ENABLE_SHA256 1
#else
#define IMAGE_ENABLE_SHA256 0
#endif



+ 0
- 1
scripts/config_whitelist.txt View File

@@ -947,7 +947,6 @@ CONFIG_FFUART
CONFIG_FILE
CONFIG_FIRMWARE_OFFSET
CONFIG_FIRMWARE_SIZE
CONFIG_FIT_DISABLE_SHA256
CONFIG_FIXED_PHY
CONFIG_FIXED_PHY_ADDR
CONFIG_FIXED_SDHCI_ALIGNED_BUFFER